continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <>
Subject Re: Security in Continuum
Date Tue, 17 Jan 2006 22:05:44 GMT

On Jan 13, 2006, at 6:58 AM, John Casey wrote:

> Looks like this isn't an option unless we can make it work on  
> Windows...

Darn.  I shot a note off to Greg the JPam guy to see what he's got  
going on there.  At the very least, we use the API that Trygve  
proposes and create an implementation for JPam if someone really  
wants it.


> From the documentation:
> Jpam can be used on:
>    1. Linux x86
>    2. Linux x86_64, including AMD64
>    3. Mac OS X
>    4. Solaris sparc
> PAM is used on Unix and Unix-like operating systems. JPAM should be  
> readily portable to other *nixes.
> -john
> David Blevins wrote:
>> On Jan 12, 2006, at 2:25 PM, Emmanuel Venisse wrote:
>>> David Blevins a écrit :
>>>> On Jan 11, 2006, at 10:13 AM, Emmanuel Venisse wrote:
>>>>> Hi,
>>>>> In 1.1, we have decided to rework all security features.
>>>>> I tried to use osuser but this framework is crappy :
>>>> [...]
>>>>> I looked at seraph too. This project seems to be interesting,  
>>>>> it's  used by confluence and jira. It seems we have all we need  
>>>>> in it but  it require to be used in a web app environment, so i  
>>>>> think we can't  use it if we want to use security framework in  
>>>>> a standalone app in  future.
>>>> Interesting, if you look at the dependencies for seraph, it's  
>>>> clearly  using osuser.
>>>>   -
>>> osuser is use only for the DefaultAuthenticator, if you don't use  
>>> it, you don't need osuser.
>>>> Wonder if "writing our own" option couldn't mean writing our  
>>>> own  wrapper for osuser.
>>> not exactly. osuser would can be supported by a provider of our  
>>> own. But if we decide to write it, it must be extensible with  
>>> providers like other framework(osuser, seraph...) and ldap, jaas...
>> I can't believe i forgot about this.
>> Then we could do real security and not java-toy security only  
>> usable by continuum.
>> I've got a shared LDAP directory up on right now  
>> which we use instead of /etc/passwd files for logging into the  
>> various gbuild machines.  There is a j2eetck group that we put  
>> people in if they are allowed to see tck related stuff.  Would be  
>> excellent if we could use that exact setup in continuum to lock  
>> off certain projects to only be visible to that or other groups.   
>> I've had to setup cron jobs to build the various things that are  
>> tck private -- made an attempt to put up a non-public continuum  
>> install for that, but it was too much of a pain.
>> -David
>>> Emmanuel

View raw message